I have exactly the same issue with ispconfig3 and rk hunter with the same warnings. I uncommented the lines in rkhunter.conf that refer to the issues in the warnings but I still get the warnings and the emails every hour. I know how to stop the emails but I really want to stop the warning by fixing the problem
Its a brand new centos5.3 server install using the howto from here on ispconfig3 and centos5.3.

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

what should this setting be I am assuming this is what is spitting out the error and sending me the email with the following quote

Ok finally happy after more searching around I have fixed all the issues.
I had to modify sshd_conf

Protocol 2
PermitRootLogin no

Click to expand...

and restart sshd

I ran the rkhunter -c scan again it returned no warnings and this time I did not receive the email, meaning the hourly scan now will stop harrassing me by email unless there is a problem

Thanks to you guys for some of the previous posts which did eventually give me clues as to sorting out what he underlying issue was, as searches on the warnings generally show up more confused souls lol

If my memory doesn't fails me, the .hosts.swp is a file that vi or vim create when hosts file is opened but if vi or vim unexpectedly closes this file remains, so if you remove it everything will be fine...

I believe that some thing similar mus happen with .pwd.lock file.

I definitely have to recommend you that don't add any hidden file unless of course you know what you are doing.

About allowing or not root to login via ssh everybody has its tastes (if you have sudo/su you don't need root ssh access). But of course always have a very strong password for root (something like "xEw-Rki66;5vb4").

do you think i should remove the "ALLOWHIDDENFILE=/etc/.hosts.swp" exception I put in rkhunter.conf for ".hosts.swp" and delete the "b0VIM 7.0" entry in the ".hosts.swp" to fix the warning error instead?